It’s basically locked all his office files and changed the name to locked.filename.doc.random4letters

I need to get these documents back so he can open the file. The virus is one where if you have the virus and try and open the locked document you get a police popup saying ‘pay some money and open then’ I don’t know exactly, as the virus was on the laptop he had, which he no longer has, he just had the external hd with the locked files.

Anyway I found Kaspersky have a bit of software that can unlock these encrypted files, but you need one original file and he doesn’t have any originals.

Sadly, you need the original - what happened to the infected laptop? usually least some of the easily recovered standard files are encrypted (eg from the MS Office dir) and the same key will work for both.

Possibly, but it would be a great deal of work. You would need to cut custom code to reverse-engineer the RC4 key from the encrypted docx files you have, using the fact that the DOCX files are by necessity actually zipfiles containing xml files, and hence have a known structure (they start with the letters PK and contain the default filenames - for example [Content_Types].xml, word/document.xml and word/fontTable.xml - which are stored in plain text in zip format)

Google doesn't show me anyone else having attempted this, so you would be on your own.

0

Featured Post

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !

The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …